Total vulnerabilities in the database
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
Software | From | Fixed in |
---|---|---|
gluster / glusterfs | - | 3.10.12 |
gluster / glusterfs | 4.0.2 | 4.0.2.x |